Red team and penetration testers - consultant
Posted: Sept. 2, 2021, 10:42 a.m. - Full Time - Chennai
- Should have a minimum of 2 years of information security experience (client-serving candidates preferred) in conducting application/network security assessments. We are looking for candidates across all experience levels; candidates with relevant experience and skill set will be treated accordingly.
- Certifications like OSCP, SANS GPEN, CISSP or any other industry accredited security certifications would be preferred
- Good interpersonal, problem solving, reasoning and analytical skills
Duties and Responsibilities:
- Technical execution and the quality of the deliverables for the engagements
- Promote the development of the team by providing constructive on-the-job feedback/coaching to team members
- Demonstrate ability to quickly assimilate new knowledge.
- Experience in conducting Red Team assessments, APT attack simulations, etc
- Web Application Security Assessment - In-depth knowledge of web application attacks and defense strategies (SQL injection, cross-site scripting (XSS), CSRF, logic flaws, etc.) and thick client applications, mobile applications (VAS), ERP applications (SAP, etc.)
- Experience in internal and external penetration testing on network infrastructure (including servers, firewalls, routers, switches, etc.), including conducting wireless security assessments
- Should have a good understanding of application-level attacks with hands-on experience in discovering and exploiting issues with/without the assistance of tools.
- Security Focused Code Review of Applications (at least one of the following languages C, C++, Java, .NET)
- Experience with network penetration testing tools such as Nessus, Nmap, Core Impact, Metasploit, and similar
- Experience with analyzing router, switch, and firewall rule bases with a focus on security.
- Experience with virtualization technologies (VMware), SAP network security, telecom network security, VoIP, cloud security (AWS, Azure), IoT, DevSecOps
- Experience in Security Architecture Review
- Understanding of application security guidelines/requirements from OWASP, PCI DSS, etc.
- Proficiency in understanding and writing/modifying exploits.